NSA Cryptography References?

tqft asks: "As an amateur crypto freak I am interested in the NSA. I have been following them on and off for years. Having read 'Body of Secrets' by James Bamford while I got a good feel for some of the history particularly ELINT and political maneuverings, I am interested in finding a more thorough book, article(s), links on their cypto work. Anyone know of good references on their crypto work? Yes I know they don't publish per se, but the references to what has been published are out there somewhere."

IN SOVIET RUSSIA

[keesh]

There's lots of information on the NSA...

Have you tried their museum?

http://www.nsa.gov/museum/tour.html

They do hold patents

[pjcreath]

The USPTO lists 105 patents assigned to the NSA. They're not all related to cryptography (some have to do with data capture, analysis, etc.) but a number are.

Re:They do hold patents

[Twylite]

Don't forget that the NSA has special preference when it comes to patents. They can keep their discovery or invention secret for an unlimited amount of time, and when it is "discovered", published or patented by the private sector they can assert ownership of the patent for a further 17 or 25 years.

Straight from the horses mouth...

[cuiousyellow]

I drive past the NSA National Cryptologic Museum on the way to work every day.

Can't say I've actually seen what it has to offer...

Re:Straight from the horses mouth...

Can't say I've actually seen what it has to offer...

Of course you haven't. It's all encrypted.

All the real data...

...is encrypted.

Applied Cryptography

[primal39]

While not NSA centric, Bruce Schneier's Applied Crytography is a great practical overview of crypto in general, with lots of practical examples and code.

Shh!

[Hell+O'World]

Ixnay on the estionsquay! They might ind-outfay about the ecretsay abalcay!

(Don't hear everything you believe, the ears have walls)

ELINT??

[Danse]

Sounds like a failed dotcom company :)

Re:ELINT??

[The+Iconoclast]

heh, I never thought about that pronunciation before. 'e-lint' as in "elint.com: Your web laundy" :-) as opposed to 'EL-INT', Electronic Intelligence.

Actually, that would have been a cool dot bomb. Go online, put in your addy, then a truck comes by to pick up your skivvies, and they come back the next day all neatly pressed!

I smell VENTURE CAPITAL!!! :-D

NSA Crypto Museum

[marvinx]

If you're near the NSA, you should go check out the NSA Crypto museum. Not only is the museum really interesting, but they have a wonderful library. The library is full of crypto material of all sorts. It's a public library, so have fun!

Re:NSA Crypto Museum

[sean.m.bober]

Rememeber. While at the library, don't checkout "The Catcher in the Rye". ;)

Sean

Must suck...

[Minupla]

to work at the NSA. I know I cringe when I see how holywood blows it whenever they put a computer in a movie, and computers are pretty common place and easily understood when compared to the NSA and cryptography. I imagine it must make them nuts to watch someone break the code on the NSA mainframe by connecting their acoustic modem to the doorbell. :)

Re:Must suck...

It can suck to work at many of the Three Letter Agencies.

I used to live in Northern VA, and there were quite a lot of folks I knew who were connected to spooks. Several friends in high school had dads that were CIA. Most of their parents were divorced, and dad would spend a lot of time "out of town". Plus side was that their houses were the best places for parties and just in general hanging out.

One of them even went to work for the CIA as a summer job. Her job was to escort building visitors to/from appointments. Interviewees, plumbers, electricians, just general visitors. Downside was that you could only do it for two years, tops. After that it was either sell your soul and work there forever, or quit and never come back.

A friend was married to a woman who worked for one, NRO, I think. Bad office politics was making her hate her job, but there wasn't much she could do about it. She couldn't even complain to her husband.

"How was work today, honey?
"Terrible!" "Really?" "Yeah, and I can't tell you anything more about it than that, or I'll be committing a felony!"

Three years later: Divorce.
I saw that same sort of scenario play out twice more before I moved out of the area.

Enlist

[ikeleib]

I think to find out the information you are seeking, you need to work at the NSA in one of the higher echelon positions.

Re:Enlist

To get the high-level information you need to be near the bottom - comm centre tech, etc.

I worked at a medium/low level of GCHQ and my access to classified information was better than the director had. I often saw what never made it "to the top floor" (so to speak).

As for cutting edge stuff, yes you would be better off higher up.

Hmm, did we just slashdot the nsa?

[balog]

at least i can't come through...

nsa homepage

Books

[rwash]

The book on the history of cryptography is David Kahn's The Codebreakers. If you haven't read it, you should.

You can't forget Bamford's first book, Puzzle Palace either. The earlier history of the NSA.

Re:Books

[AssFace]

There is also "The Code Book" by Simon Singh which obviously covers largely the exact same thing since there is a fixed amount of history for them to discuss.
Both are good - but the Kahn book is much larger.

Singh offered a contest with prizes that lasted a few years and many of the relatively big names in crypto (the ones that aren't at the NSA or some company where they have to stay quiet about what they do) worked on it and broke all the various levels.

Most stuff is second hand

[abulafia]

For starters, check out

http://cypherpunks.venona.com/

Most material is second hand, but as you read, you get a good feel of things.

There's also a huge amount of garbage there.

I've been a subscriber, most of the time, since 1994, although it usually isn't a good idea to post unless you have a lot of time to fight with a bunch of nuts.That said, it is a very good source of opinions, and once in a great while something very interesting happens (RC4 was disclosed anonymously a log time ago, for instance).

Not a whole lot

[randombit]

Obviously, 99% of the stuff NSA does is not published publicly. However, there are a few things you can look at. First, as others have noted, NSA has a lot of patents. Secondly, there are a few NSA designed algorithms which have become well known publicly, including: DES, Skipjack, DSA, SHA-1, SHA-256, and SHA-512 (you can find information about all of these on NIST's web page). However, keep the following things in mind: In all cases, the NSA knew that these algorithms would be public, and so they almost certainly didn't use their best tricks in designing the algorithms. Also, to the best that anyone knows, the military still mostly uses stream ciphers. Nobody has ever seen an NSA designed stream cipher.

Re:Not a whole lot

[quecojones]

Secondly, there are a few NSA designed algorithms which have become well known publicly, including: DES, Skipjack, DSA, SHA-1, SHA-256, and SHA-512 (you can find information about all of these on NIST's web page).

AFAIK, DES was designed by IBM (it was originally called LUCIFER or something) and it was originally 128 bit instead of 56/64 bit like DES. NSA modified IBM's design and released it as DES.

• http://www.sans.org/rr/encryption/DES2.php
• http://www.sans.org/rr/encryption/DES.php
• http://www.rsasecurity.com/rsalabs/faq/3-2-1.htm l
• http://www.everything2.com/index.pl?node=DES
• http://www.everything2.com/index.pl?node=Lucifer

Bruce Schneier's AC

[FreeMath]

Applied Cryptography has a couple thousand references. Some are old NSA publications. It's a good book to have anyway.

See what HAS been published...

For instance, Skipjack and KEA (don't overlook KEA, it's much more interesting than Skipjack; it's a bit complicated, but you can see some REALLY cool stuff in there).

If you're interested in more than just security analyses of algorithms, check out some of the stuff the NSA did during the AES selection process, like this.

You can also check out the cryptological museum run by the NSA near Columbia, Maryland. There are documents on design and implementation of encryption devices all over the place; for instance, SIGSALY, the first digital voice encryption system, used World War II!

Finally, check out patents! The NSA has the patent secrecy act behind it; they've classified a number of applications, only to declassify them later. Patent applications for the above-mentioned digital voice encryption system were declassified in the 1970s. A patent application on an Enigma-like rotor encryption device was declassified a just few years ago. This should give you an idea of what the NSA might have been working on.

swollef nairb mi

swollef nairb mi

Re:Funier in morse

Its much funbier in morse but site filters out "junk" characters... .----. -- -...

They = Us! (was: Re: Ssh!)

[RedPhoenix]

> Ixnay on the estionsquay! They might ind-outfay
> about the ecretsay abalcay!

Interestingly enough, with the dept. having one of the highest geeks-per-square-meter counts in government, and with many geeks being avid slashdot readers, "they" should really be "we"!

There will be hundereds of slashdotters in the organisation - not for any dark and shadowy reason, not to spy on Slashdot... but just because they like 'Stuff that Matters'.

Red.

following them for years...

[zonker]

"I have been following them on and off for years."

I bet if you keep that up, they'll be following you...

Declassified NSA at Aegean Park Press; Oakland con

The biggest collection of declassified NSA textbooks is at Aegean Park Press, a small publisher specializing in encryption and spy texts. Many of them are in the original government typewriter fonts with the original classification marks (crossed off by the Freedom of Information process that released them).

If you want to meet real NSA cryptographers, you can go to the IEEE Symposium on Security and Privacy, colloquially known as the "Oakland conference" because it's held at the beautiful Claremont resort hotel. Here's a review of last year's conference.

Russian book

If you can get the translated version of the Russian book "Radio Espionage," it is quite excellent and discusses all sorts of things on topic. I know that FBIS did a translation a couple of years back, if you have any contacts. Google, however, returns no references. Sorry.

The book discusses a lot of what might be in Body Of Secrets, but everything is from the Russian point of view, which keeps it interesting. They discuss many of the logistics NSA and others had to use to get access to things like the Japanese Purple codes (which were considered so secure that their pride in their work kept them from acknowledging the blatent evidence that Purple had been compromised).

Also discusses how diplomatic one-time-pads were compromised. Special books with special bindings in special safes guarded by guards who, at exactly 12:15 would get up, do the same patrol, and then go back to listening to the ball game.

Frank B. Rowlett

[krinsh]

I read a book over the summer, loaned to me by the guy who created the FBI fingerprint database. I don't remember the title; but the first 3/4 was from Mr. Rowlett's own notes and autobiographical content and the remainder was biography taken from his notes. Apparently Mr. Rowlett wrote considerable, detailed notes and was at one point awarded a cash prize for secret and not-so-secret inventions of his in lieu of getting to patent them himself or apply them to a commercial enterprise. You should definitely look that name up.

I have read the first couple chapters of Applied Cryptography - I don't have $60 for it right now and there are other topics I need to work on before I get to crypto - but heed others' recommendations and get it if you are interested in crypto itself and not just the NSA in general. It's very interesting and at once overwhelming.

Cryptologia

[Detritus]

You might look for issues of Cryptologia, a journal of the history and technology of cryptography. Some of the best articles have been collected and reprinted in book form by Artech House.

• Machine Cryptography and Modern Cryptanalysis
• Cryptology: Machines, History, and Methods
• Selections From Cryptologia: History, People & Technology
• Cryptology: Yesterday, Today, and Tomorrow

All about the NSA

[quintessent]

Here. I'll tell you everything. Hold on a second, while I get my AOFJ:IO#reaKLEnfla;we;qw2ateats.zxcvxc

Mod up, interesting

*nt*

Worked there

[slick_bill_willy]

Bamford's new book is pretty good. I worked at NSA for 10 years from the 80s to the 90s and knew many of the people in the book. But even I learned about some things invented by people I worked with (done before my time, tho).

The "Puzzle Palace" had some major inaccuracies. I think Bamford had better access for the latest book. (I knew some of the people he interviewed.)

I've been to the Cryptologic museum, and it's pretty humbling to see equipment I used day-to-day as "historical". Makes me feel old.

BTW, it is pronounced ee-lint. Both my wife and I are certified cryptologic signal analysts (i.e. certified in comint, elint and fisint).